A supervisory control and data acquisition (SCADA) system may be subject to integrity attacks. Anomalies in sensor measurements may be used to detect these attacks, but such techniques do not permit us to locate attacking nodes. We propose a novel technique to enable this. Each participating network node probabilistically copies packets and marks them with routing information, before encrypting them with private keys and forwarding them to the operator. Nodes regularly release the keys used to encrypt packets. At that point, the operator may compare the copied packets with the original. Using the differences in packet content and routing information, it is possible to deduce to within one or two processes the location of an attack. Our approach is based on IP traceback techniques originally used for detecting the origin of denial of service attacks. The complexity of the approach is low and the technique can be shown to be resilient to counter-attack.
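
The comparison step described above can be sketched as a small simulation. This is an added example, not code from the paper: the node names, the `flow=` payload, the per-node key dictionary, the SHA-256 keystream standing in for the real cipher, and the rule that a node copies the packet as it received it are all assumptions made for illustration.

```python
import hashlib, json, random

def xor_cipher(key: bytes, data: bytes) -> bytes:
    """Toy keystream cipher (assumed stand-in); the same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def sample_nodes(path, p, rng):
    """Each node independently decides, with probability p, to copy this packet."""
    return {n for n in path if rng.random() < p}

def forward(path, payload, subverted, sampled, keys):
    """Carry payload along path; return (delivered payload, encrypted copies)."""
    copies, route = [], []
    for node in path:
        route.append(node)
        if node in sampled:  # copy the packet as received, marked with the route so far
            mark = json.dumps({"route": route, "payload": payload}).encode()
            copies.append((node, xor_cipher(keys[node], mark)))
        if node == subverted:  # constructed integrity attack on the sensor value
            payload = payload.replace("42.0", "17.0")
    return payload, copies

def locate(path, delivered, copies, released_keys):
    """Operator side, after key release: bracket the node that altered the packet."""
    lo, hi = -1, len(path)  # suspects are path[lo:hi]
    for node, blob in copies:
        mark = json.loads(xor_cipher(released_keys[node], blob))
        i = len(mark["route"]) - 1  # hop position taken from the routing mark
        if mark["payload"] == delivered:
            hi = min(hi, i)  # content was already final when it reached this hop
        else:
            lo = max(lo, i)  # content was still unaltered when it reached this hop
    return path[lo:hi] if lo >= 0 else []  # no differing copy means nothing to locate

if __name__ == "__main__":
    path = ["rtu", "gw1", "gw2", "gw3"]  # constructed route from field device to operator
    keys = {n: hashlib.sha256(n.encode()).digest() for n in path}
    sampled = sample_nodes(path, 0.5, random.Random(7))
    delivered, copies = forward(path, "flow=42.0", "gw2", sampled, keys)
    print("sampled:", sorted(sampled), "suspects:", locate(path, delivered, copies, keys))
```

When every hop happens to sample the packet the suspect list is a single node; when the altering node's own copy is missing, the list widens to include the previous sampling hop.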
